Systems and Methods Providing a Separable Digital Rights Management Application

ABSTRACT

Systems and methods providing content having digital rights management (DRM) applications separable from other authorization applications are provided. A system may include a distribution service provider system in communication with a content provider system and consumer premise equipment (CPE) for the transmission of content from the content provider system to the CPE device. The distribution service provider system may: receive A/V content provided by the content provider system, wherein the A/V content includes a DRM application; apply a conditional access system (CAS) application to the A/V content that is independent of the DRM application; and transmit the A/V content including the CAS and the DRM applications to the CPE for presentation. The CPE device can perform DRM authorizations with the content provider or a third-party DRM provider.

FIELD OF THE INVENTION

Aspects of the invention relate generally to media networks, and moreparticularly, to systems and methods providing a separable digitalrights management application.

BACKGROUND OF THE INVENTION

Digital rights management (DRM) solutions often present problems betweencontent providers and service providers, such as content distributionnetworks or other media or content distribution systems. Contentproviders that generate and/or provide content (e.g., audio-visualcontent, text-based content, non-text-based content, graphic content,software applications, etc.) to distribution network operators desire toprotect the content and limit the use and/or distribution of the contentto authorized use and/or distribution. Otherwise, unauthorized use ofcontent can lead to unauthorized (and often unlawful) bypassing of thecontent providers to obtain the same content (e.g., pirated versions,unauthorized copying, using, or sharing), which in turn results inreduced revenue to the content providers because of the decreased demandfor content through authorized channels. Similarly, service providersthat distribute content or otherwise facilitate the distribution ofcontent to consumers also share similar concerns and a desire to avoidresponsibility for downstream unauthorized uses. As a result, contentproviders and service providers struggle with providing a superior DRMsolution to distributed content, which has yet to be identified. Manyproposed DRM solutions overly complicate content preparation,distribution, and/or authorization processes, and unduly distractservice providers from their core business of content distribution.

Accordingly, there exists a need for systems and methods that improvethe provision of DRM applications by providing separable DRM.

BRIEF DESCRIPTION OF THE INVENTION

Some or all of the above needs and/or problems may be addressed bycertain embodiments of the invention. According to one embodiment, asystem for providing content having digital rights managementapplications separable from other authorization applications isprovided. The system may include a distribution service provider systemincluding at least one processor and memory storing computer-executableinstructions, wherein the distribution service provider system is incommunication with a content provider system and consumer premiseequipment (CPE) for the transmission of content from the contentprovider system to the CPE. The distribution service provider system maybe configured to: receive audio and/or video content (A/V content)provided by the content provider system, wherein the A/V contentincludes a digital rights management (DRM) application; apply aconditional access system (CAS) application to the A/V content, whereinthe CAS application is independent of the DRM application; transmit theA/V content including the CAS application and the independent DRMapplication to the CPE for presentation; and perform CAS authorizationwith the CPE to authorize the A/V content according to the CASapplication independent of the DRM application, wherein additional DRMauthentication is to be performed by the CPE according to the DRMapplication.

According to another embodiment, a method for providing content havingdigital rights management applications separable from otherauthorization applications is provided. The method may include:receiving audio and/or video content (A/V content) from a contentprovider system, wherein the A/V content includes a digital rightsmanagement (DRM) application; applying a conditional access system (CAS)application to the A/V content, wherein the CAS application isindependent of the DRM application; transmitting the A/V contentincluding the CAS application and the independent DRM application to acustomer premise equipment (CPE) for presentation; performing CASauthorization with the CPE to authorize the A/V content according to theCAS application independent of the DRM application, wherein additionalDRM authentication is to be performed by the CPE according to the DRMapplication.

Additional systems, methods, apparatus, features, and aspects may berealized through the techniques of various embodiments of the invention.Other embodiments and aspects of the invention are described in detailherein with reference to the description and to the drawings and areconsidered a part of the claimed invention.

BRIEF DESCRIPTION OF THE DRAWINGS

Reference will now be made to the accompanying drawings, which are notnecessarily drawn to scale, and wherein:

FIG. 1 is a block diagram illustrating a content distribution systemcapable of providing separable DRM, according to an example embodiment.

FIG. 2 is a block diagram illustrating a computer system, according toan example embodiment.

FIG. 3 is a flow diagram illustrating a method for providing separableDRM, according to an example embodiment.

FIGS. 4A-4C are block diagrams illustrating operations of a systemproviding separable DRM, according to example embodiments.

FIGS. 5A-5C are block diagrams illustrating operations performed oncontent, according to example embodiments.

FIGS. 6A-6D are block diagrams illustrating operations performed oncontent, according to example embodiments.

FIGS. 7A-7C are diagrams illustrating DRM applications associated withcontent, according to example embodiments.

DETAILED DESCRIPTION

Embodiments of the invention now will be described more fullyhereinafter with reference to the accompanying drawings, in whichembodiments of the invention are shown. This invention may, however, beembodied in many different forms and should not be construed as limitedto the embodiments set forth herein; rather, these embodiments areprovided so that this disclosure will be thorough and complete, and willfully convey the scope of the invention to those skilled in the art.Like numbers refer to like elements throughout.

Embodiments described herein include systems and methods providingseparable digital rights management. According to one embodiment, acontent distribution service provider (also referred to hereininterchangeably as a “distribution service provider” or a “serviceprovider”) receives audio and/or visual content (A/V content) from acontent provider for delivery to one or more subscribers. Upon receiptof the A/V content, the distribution service provider may wish toprocess or manipulate the A/V content, such as for adding commercials toa video stream, adjusting resolution, etc. However, the A/V content maybe protected by a DRM application provided or otherwise associated withthe A/V content by the content provider to protect the content andprevent unauthorized use. In some instances, the A/V content may furtherinclude or otherwise have a conditional access system (CAS) applicationthat also sets forth limits to the use of the A/V content, which is,however, independent of and separate from the DRM application. In someembodiments, both the CAS application and the DRM application areprovided with the A/V content prior to receipt by the distributionservice provider. Accordingly, upon receiving A/V content, adistribution service provider can remove the CAS application and removethe DRM application to allow processing the A/V content as desired.After performing the desired processing, the distribution serviceprovider can re-apply the DRM application (which may be the same or adifferent DRM application) and apply a CAS application to the A/Vcontent prior to distribution over a distribution network to endsubscribers. The CAS application is separate from the DRM application,and typically will be a different CAS application than that provided bythe content provider or at least represent different rights, but notalways.

In various embodiments, the DRM application is provided with the A/Vcontent either by the content provider or by a third-party DRM systemprior to delivery of the A/V content to the distribution serviceprovider. Accordingly, the distribution service provider need not beresponsible for or maintain DRM application programming, policies,rights, verification, versions, or any other processing associated withimplementing a full DRM solution with digital content. Instead, eitherthe content provider or a third-party DRM system bears DRM processingresponsibilities. As such, subscriber devices (also referred to hereininterchangeably as “customer premise equipment” and/or “target devices”)include programming and associated capabilities to handle DRMapplication processing and verification directly with either the contentprovider or a third-party DRM system, without having to perform DRMprocessing with the distribution service provider. This separated DRMsolution allows the distribution service provider to focus on contentdistribution, and not DRM verification processing. Moreover, accordingto embodiments described herein, content providers and/or devicemanufacturers are left to determine the DRM solution desired for contentand/or device usage, and are not limited to that implemented by adistribution service provider because the distribution serviceprovider(s) do not provide the DRM solution, but instead distribute theA/V content with the DRM application as provided by the content provideror third-party DRM system.

However, to allow the distribution service provider to process the A/Vcontent prior to distribution over the network, the DRM applicationassociated with the A/V content as received from the content providercan first be removed or otherwise penetrated by the distribution serviceprovider. Accordingly, the distribution service provider system includesa trusted domain, which provides secured processing and memory thatprotects A/V content against physical and logical attacks according tothe DRM application. Otherwise, without a trusted domain, the A/Vcontent may be exposed, allowing access or modification. The trusteddomain allows removal of the DRM application from the A/V content whilestill protecting the A/V content from external access or modification.Within the trusted domain, the distribution service provider system canprocess or manipulate the A/V content, which may include addingcommercials to a video stream, adjusting resolution, and the like. Afterprocessing the A/V content, the DRM application is re-added to the A/Vcontent within the trusted domain. Accordingly, the A/V content retainsits DRM application within the service provider everywhere but withinthe trusted domain, which sufficiently protects the A/V content fromunauthorized access or use.

Similarly, if a CAS application is included with the A/V content fromthe content provider, the distribution service provider can be operableto remove the CAS application from the A/V content prior to removal ofany DRM application (and after performing CAS authorization between thedistribution service provider and the content provider). Afterre-applying the DRM application to the A/V content within the trusteddomain, a different (or same) CAS application can be applied to orotherwise associated with the A/V content prior to distribution tosubscribers. This second applied CAS application is used to determinewhether the subscriber is authorized to receive the content from thedistribution service provider, while the DRM application morecomprehensively defines the general rights and limitations associatedwith use of the A/V content, which will be resolved with the contentprovider and/or a third-party DRM system.

Upon receipt of the A/V content that includes both a CAS applicationfrom the distribution service provider and a DRM application from thecontent provider or third-party DRM system at a subscriber's device, CASauthorization is performed with the distribution service provider. IfCAS authorization is successful, use of the A/V content will be subjectto the rights and limitations provided by the DRM application, whichwill be resolved with the content provider and/or a third-party DRMsystem, as set forth in the DRM application received with the A/Vcontent. CAS or DRM authorization is not required to be performed onlinebetween the two respective systems, but may instead be performedutilizing certificates and/or cryptographic keys that may be exchangedor updated in real-time or offline and already stored on the viewer'sdevice. Moreover, it is possible that, in some embodiments, thesubscriber's device may also remove the DRM application from the A/Vcontent as received, and apply a different DRM application, such as whensharing the A/V content with another target device that utilizes adifferent DRM solution, or when adjusting the resolution of the A/Vcontent, which may require a lower resolution DRM application.

Accordingly, the solutions described herein allow a content provider toselect the DRM solution that meets its business needs, and not bedependent upon or dictated by a distribution service provider. Thus, thecontent provider can alter or adjust the DRM solution applied to contentbased on DRM technology available at that time, and based upon theimport of the content. For example, as newer and/or more valuable A/Vcontent is being provided, a content provider, not being tied to a DRMsolution dictated by a distribution service provider, can implement thenewest or most appropriate DRM solution for the specific content beingdistributed.

As used herein, unless explicitly indicated otherwise, the term “A/Vcontent” may refer to any content distributable over a contentdistribution network, such as, but not limited to: audio content, videocontent, graphic content, a video on-demand asset, any other on-demandasset, text-based content, non-text-based content, a softwareapplication, and the like.

As used herein, unless explicitly indicated otherwise, the term“distribution service provider” may refer to any service provideroperable to distribute content over a content distribution network,which may include, but is not limited to: a cable provider, a multiplesystems operator, a satellite provider, an IP content provider, or adigital media host (systems providing digital content over a network,such as digital music hosts, digital video hosts, e-book hosts, softwareproviders, etc.), and the like.

As used herein, unless explicitly indicated otherwise, the term “CASapplication” may refer generally to a system and/or associatedprogramming logic that controls whether a system or device has access todistributed content, which may optionally include a temporal accesslimitation.

As used herein, unless explicitly indicated otherwise, the term “DRMapplication” may refer generally to a system and/or associatedprogramming logic that prescribes the rights and limitations for the useof associated content, which is more comprehensive than a CASapplication, and which implements corresponding controls, such as, butnot limited to, prescribing rights based on time (duration), limitingthe ability to copy, limiting the number of times content can be copied,limiting how often content can be copied, prescribing the format(s)and/or resolution(s) that are allowed, prescribing the interface(s)and/or hardware with which the content can be used, and the like.

More details regarding the various means for implementing theembodiments of the invention are provided below with reference to FIGS.1-7C.

System Overview

An example system 100 will now be described illustratively with respectto FIGS. 1 and 2. The system 100 for providing separable DRMapplications may include one or more content providers and associatedcontent provider systems 102, one or more distribution service providersand associated distribution service provider systems 104, one or morecustomer premise equipment (CPE) devices 106, and optionally one or morethird-party DRM systems 108. A content provider system 102 is incommunication with a distribution service provider system 104 over afirst distribution network 110, which allows transmitting the A/Vcontent and performing CAS and/or DRM authorization therebetween. Aservice provider system 104 is in communication with one or more CPEdevices 106 over a second distribution network 112, which allows thedistribution to subscribers of A/V content that has a CAS applicationand a separate DRM application. In addition, one or more of the contentprovider systems 102, service provider systems 104, CPE devices 106, andthird-party DRM systems 108 may be in communication with another network114, such as the Internet, or any other wired and/or wireless public orprivate network.

Each of the aforementioned systems or system components can be embodiedas a computer or a system of computers. FIG. 2 illustrates an examplecomputer 200, which may be one or more processor-driven devices, suchas, but not limited to, a server computer, a personal computer, and thelike. In addition to having one or more processors 225, each computer200 may also further include one or more memories 205, one or moreinput/output (I/O) interfaces 240, and one or more network interfaces245. All of these components may be in communication over a data bus230. The memory 205 may store data 215, various program logic 210 (suchas the various programming modules described with reference to FIG. 1),and an operating system (OS) 220. In addition, in some embodiments, thememory 205 may further store a client and/or host module for accessingother computer devices and/or allowing access to the computer 200. Thememory may further store a database management system (DBMS) foraccessing one or more databases or other data storage devices. The datastorage devices may be operative for storing content, associated contentinformation, subscriber account information, programming information,CAS operation logic, DRM operation logic, and/or other informationaccessible by a computer 200. The I/O interface(s) 240 may facilitatecommunication between the processor 225 and various I/O devices, such asa keyboard, mouse, printer, microphone, speaker, monitor, and the like.The network interface(s) 245 may take any of a number of forms, such as,but not limited to, a network interface card, a modem, a wirelessnetwork card, and the like.

In one embodiment, such as when the computer 200 is included as part ofa distribution service provider system 104, the network interfaces 245may include network system hardware, software, and/or firmware operableto provide content and other data transmission over the first and/or thesecond distribution network 110, 112, such as over an in-band and anout-of-band channel with a CPE device 106 (e.g., a set-top box, mediagateway, and/or television, etc.) or with a content provider system 102,or over the network 114, such as when communicating with a third-partyDRM system 108 and/or with other systems over the Internet, for example.

In another embodiment, such as when the computer 200 is included as partof a CPE device 106, the network interfaces 245 may include networksystem hardware, software, and/or firmware operable to receive contentand other data transmission over the second distribution network 112,such as over an in-band and an out-of-band channel from a distributionservice provider system 104. In addition, the network interfaces 245 mayinclude network hardware that enables communication over the network114, such as the Internet, which may be utilized to communicate withcontent provider systems 102 and/or third-party DRM systems 108 forperforming DRM authorization, or with other third-party systems, such asfor receiving content not provided by the distribution service providersystem 104, for example.

Accordingly, each computer 200 is configured for accessing and readingassociated computer-readable media having data stored thereon and/orcomputer-executable instructions for implementing the various methodsdescribed herein. By executing computer-executable instructions, each ofthese computer systems may form a special purpose computer or aparticular machine. As used herein, the term “computer-readable medium”may describe any form of computer memory or memory device.

With reference to the content provider system 102, various programmingmodules may be included therewith or otherwise executable thereby.Examples of a content provider include, but are not limited to, cablenetworks, movie and/or television studios, digital music providers orretailers, software providers or retailers, and other digital contentproviders. Example programming modules include, but are not limited to,a content storage module 120, a DRM operations module 122, a CASoperations module 124, and a distribution module 126.

The content storage module 120 facilitates the storage and retrieval ofA/V content within the content provider system 102. It is appreciatedthat, according to various embodiments, a content provider system may bededicated to one or a few types of A/V content (e.g., only A/V content,only audio content, etc.), or may provide many or all types of A/Vcontent. According to one embodiment, the DRM operations module 122facilitates the addition of DRM applications to A/V content prior totransmission to distribution service provider systems 104, as well asoptionally the subsequent DRM authorization processing between thesubscribers' CPE devices 106 and/or the distribution service providersystems 104. In another embodiment, the DRM operations module 122coordinates the addition of DRM applications to A/V content by one ormore third-party DRM systems 108, such as by communicating therewith andreceiving content having associated DRM applications over the network114. In another example, a third-party DRM system 108 may have access tothe content provider system 102 to enable the third-party DRM system 108to add the DRM application to A/V content within the content providersystem 102. The CAS operations module 124 operates in a manner similarto the DRM operations module 122, facilitating the addition of CASapplications to A/V content prior to distribution and performingsubsequent CAS authorizations between the distribution service providersystems 104 and the respective content provider system 102. Thedistribution module 126 facilitates the distribution of A/V content,having DRM and optionally CAS applications added thereto, over the firstdistribution network 110 to one or more distribution service providers104.

With reference to the distribution service provider system 104, variousprogramming modules may be included therewith or otherwise executablethereby. As discussed above, a distribution service provider may referto any service provider operable to distribute content over a contentdistribution network, which may include, but is not limited to: a cableprovider, a multiple systems operator, a satellite provider, an IPcontent provider, or a digital media host (systems providing digitalcontent over a network), and the like. Accordingly, a distributionservice provider system may represent a multiple-system operator (MSO)system, or other content network operator system, and may logicallyinclude operations performed in part by the network plant, the headend,and/or any other component or device of a conventional network operatorsystem. Example programming modules include, but are not limited to, aCAS operations module 140, a DRM operations module 142, a contentmanipulation module 144, and a distribution module 146.

The CAS operations module 140 performs CAS authorization between thedistribution service provider system 104 and the respective contentprovider system 102 for A/V content received that includes a CASapplication. CAS authorizations may be performed one-way or two-waybetween the two systems. In addition, the CAS operations module 140facilitates the addition of CAS applications to A/V content prior totransmitting the A/V content to subscribers, such as after havingremoved and re-applied a DRM application. The DRM operations module 142facilitates removal of DRM applications from A/V content upon receipt toallow subsequent processing of the content, as well as the subsequentre-application of the DRM application with the A/V content prior todistribution. In one embodiment, the operations provided by the DRMoperations module 142 are performed within the trusted domain of thedistribution service provider system 104, preventing outside orunauthorized access or use of A/V content while the DRM application isremoved for processing the content. It is appreciated that, in oneembodiment, the trusted domain of the distribution service providersystem 104 entails a separate device or system component that is secureaccording to the rights and limitations conferred by the DRMapplication; however, in other embodiments, the trusted domain may be asecured segment of any other device or system component supportingadditional functionality. The content manipulation module 144 isutilized to facilitate processing A/V content within the trusted domainof the distribution service provider system 104. Processing A/V contentmay include, but is not limited to, manipulation, removal, and/or addingto content streams (e.g., adding audio and/or video to content streams,such as inserting advertisements), altering content resolution, or rateor traffic shaping. The distribution module 146 facilitates thedistribution of A/V content having DRM and CAS applications addedthereto over the second distribution network 112 to one or moresubscriber CPE devices 106. Distribution may be linear, non-linear(e.g., unicast, etc.), or a combination thereof.

With reference to the subscriber's CPE systems or devices 106, variousprogramming modules may be included therewith or otherwise executablethereby. CPE devices 106 may include any number of subscriber devicesthat are at least operable to receive A/V content over the seconddistribution network 112 (e.g., over a cable network, a satellitenetwork, and/or an IP network), including, but not limited to, a mediagateway device, a set-top box, a television (e.g., a tru2way enabledtelevision or other presentation device), a cable card, a digital videorecorder (DVR), a media computer system, and the like. A CPE device 106may be a display only device (e.g., television, monitor, etc.), atranscode device (e.g., a media gateway, etc.), or a combination device(e.g., a tru2way enabled television, a media computer system, etc.). Itis further appreciated that a CPE device 106 may facilitate transmissionof content with other CPE devices 106 or other subscriber target devicesthat may not perform all of the functions as the CPE device 106, suchas, but not limited to, a digital media player, a smart phone, apersonal computer, a television, a DVR, a storage device (e.g., internalor external hard drive or other memory device, etc.), and the like.Example programming modules include, but are not limited to, a CASoperations module 160, a DRM operations module 162, a contentmanipulation module 164, a presentation module 166, a storage module168, and a transmission or sharing module 170. The CAS operations module160 performs CAS authorization between the CPE device 106 and thedistribution service provider system 104 for A/V content received thatincludes a CAS application.

The DRM operations module 162 performs DRM authorization with thecontent provider system 102 and/or a third-party DRM system 108,according to the DRM application provided with the A/V content. In someembodiments, the DRM operations module 162 facilitates removal of DRMapplications from A/V content to allow subsequent processing of thecontent, as well as the subsequent re-application of the DRM applicationwith the A/V content. In one embodiment, the operations provided by theDRM operations module 162 are performed within a trusted domain of theCPE device 106 according to the DRM application rights and limitations,much like the trusted domain described with reference to thedistribution service provider system 104. A/V content may be processedby the CPE device 106, such as to enable modifying content (e.g.,altering content resolution) before transmitting it to another of thesubscriber's target device, or to enable modifying or changing the DRMapplication to a different DRM application supported by the targetdevice if allowed by the original DRM application received with the A/Vcontent.

Accordingly, the DRM operations module 162 includes logic operable toexecute, and perform DRM operations and authorizations with, the DRMapplication transmitted or associated with received A/V content. The DRMoperations may be performed in real- and/or near real-time. The DRMoperations module 162 may further store or otherwise accessauthorization, encryption, and decryption information, including, butnot limited to, certificate keys, hard-coded encryption schemes,encryption/decryption logic (e.g., a codec for encryption and/ordecryption, etc.), and/or renew keys. For example, in one embodiment,the DRM operations module 162 includes multiple keys with at least onekey or set of keys operable to facilitate DRM authorization, encryption,and/or decryption, and at least one key or set of keys to facilitate therenewal of keys, in case of a breach of the DRM information. In additionto renewing keys or other DRM information after a breach, the DRMoperations module 162 and/or the DRM application provided with the A/Vcontent may also be self-renewable by downloading a new or updated DRMapplication over a network when executed (e.g., if being executed aftera period of time from original receipt of the content, which may occurin time-shifting scenarios, such as when storing content in memory orwith a DVR).

Because the CPE device 106 (and/or other subscriber target devices) mayvary as to what type of operations may be performed (e.g., display onlydevices, transcoding only devices, or a combination thereof, etc.), theDRM operations module 162 may further include logic operable to permitimplementing various level of DRM logic specific to the type of CPEdevice 106 executing the DRM application. For example, the DRMoperations module 162 may include logic that will alter the DRMapplication received with A/V content according to the level of DRMsupport and/or type of compatible DRM application intended to beprovided by the CPE device 106 (e.g., alter the DRM applicationresolution/transcode per the device's capabilities), so long as the DRMoperations are within the rights and limitations prescribed by theoriginal DRM application transmitted with the A/V content. It is evenpossible, in one embodiment, that the DRM operations module 162 beoperable to execute more than one DRM application type, such as toperform transcoding or other DRM alterations, or such as if the A/Vcontent received includes two DRM application types (e.g., one for themain content and one for advertising or other content spliced into thecontent stream).

The content manipulation module 164 is utilized to facilitate processingA/V content. The presentation module 166 includes the softwareprogramming and/or hardware that allows presenting the A/V content, suchas displaying audio and/or visual content and graphic content by atelevision, computer, monitor, or projector, playing audio content by anaudio device, operating software content by a computer, and the like.The storage module 168 facilitates the storage of A/V content within theCPE device 106 or a separate storage device. It is appreciated, muchlike transmitting or sharing content with another target device, storagemay call for content alteration (e.g., if the content resolution must bereduced for storage, etc.) and/or DRM application modification, change,or removal prior to storage, all of which may be done by the storagemodule 168 and/or the content manipulation module 166. The transmissionor sharing module 170 facilitates the transmission of A/V content fromthe CPE device 106 on which the A/V content was originally received (oran intermediary CPE device) to another CPE device 106 or othersubscriber's target device.

The third-party DRM system 108 may include similar programming logic toenable: applying DRM applications to A/V content on behalf of a contentprovider; sharing DRM applications with content providers; distributingDRM host software to subscriber devices; authorizing DRM content betweensubscriber devices, distribution service providers, or other systems;and the like.

According to one embodiment, the first distribution network 110 mayinclude any number of private networks, which may be wired or wireless,accessed by one or more content provider systems 102 and one or moredistribution service provider system 104. Private network links mayexist between a distribution service provider system 104 and eachcontent provider system 102. In other embodiments, the firstdistribution network 110 may be any number of public networks (or incombination with private networks), such as the Internet or any otherwired or wireless network. The second distribution network 112 mayinclude any number of networks, which may be public, private, or acombination thereof, including a cable television broadcast network(e.g., fiber network, coaxial network, a hybrid fiber-coaxial network,etc.), a satellite broadcast network, an IP network, and the like, whichare operable to support transmission according to various media/contentand transmission protocols (e.g., MPEG 2, ISO 13818-1, etc.). The firstand second distribution networks 110, 112 may support downstream,upstream, and/or bi-directional communications. The network 114 may beany public or private network, wired or wireless, such as the Internet,or a local area network, a wide area network, a publicly switchedtelephone network (PSTN), an intranet, intermediate handheld datatransfer devices, and/or any combination thereof. It is appreciated thatthe network 114 may be accessible via a wireless device (e.g., smartphone, etc.) via a wireless network provider (e.g., cellular network,Wi-Fi, WiMAX, etc.). Due to network connectivity, various methodologiesdescribed herein may be practiced in the context of distributedcomputing environments. Although the system 100 is shown for simplicityas including one intervening first distribution network 110, seconddistribution network 112, and network 114, it is to be understood thatany other network configuration is possible, which may optionallyinclude a plurality of networks, each with devices such as gateways androuters, for providing connectivity between or among networks.

In addition, the system 100 shown in and described with respect to FIG.1 is provided by way of example only. Numerous other operatingenvironments, system architectures, and device configurations arepossible. For example, any of the aforementioned systems may be providedby way of a distributed computing environment, such that some functionsare provided by one system or system component and other functions areprovided by others, or such that some functions are replicated acrossmultiple systems, such as to provide redundant processing or back-upcapabilities. Moreover, while names are explicitly provided for variousprogramming modules, it is appreciated that any of the aforementionedfeatures or below-described operations may be performed within the sameor different modules, and that the names are provided for illustrativepurposes only and are not intended to constrain the operations describedherein. Accordingly, while the example embodiments described herein mayrefer to functionality and/or components as provided by a single system,it is appreciated that the functionality and/or components may bedistributed across multiple computers or other systems. Embodiments ofthe invention therefore should not be construed as being limited to anyparticular operating environment, system architecture, or deviceconfiguration.

Operational Overview

Example operations of the system 100 will now be described in moredetail with reference to FIGS. 3-7C. FIG. 3 provides a flowchart of anexample method 300 for providing separable DRM with A/V content. Variousoperations of the method can be performed by one or more of theprogramming modules associated with the content provider system 102, thedistribution provider system 104, the CPE device 106 or other associatedtarget devices, and/or a third-party DRM system 108, such as aredescribed with reference to FIG. 1. The flowchart illustrates certainoperations as occurring within or otherwise performed by or on behalf ofthe content provider system 102, the distribution provider system 104,and the CPE device 106, according to one embodiment; however, it isappreciated that, in other embodiments, some of the operations may beperformed by different systems.

The method 300 may begin at block 302, in which A/V content is madeavailable for distribution from a content provider system 102. In oneembodiment, the content provider system 102 stores or otherwise hasaccess to all A/V content being distributed. However, in otherembodiments, at least some of the A/V content may be obtained from aremote storage system over a network, which may be maintained by thecontent provider system 102 or by a third-party content provider orother system. The A/V content is formatted according to the networkstandards over which it will be distributed as well as, optionally, thedevice standards intended to present the content. It is appreciated,however, that A/V content in one format may subsequently be altered orformatted according to a second different format.

At block 304, the content provider system 102 applies or otherwiseassociates a DRM application to the A/V content. In one embodiment,instead of or in addition to that provided by the content providersystem 102, a third-party DRM system 108 may apply or associate a DRMapplication to the A/V content.

FIGS. 7A-7C illustrate example methods by which a DRM application can beapplied to A/V content stream. FIG. 7A represents a DRM application 704being applied to an A/V content stream 702 in a carrousel fashion, suchthat access to the DRM application 704 need not occur at the beginningof the A/V content stream 702, but may be gained at a number of pointsthroughout the A/V content stream 702. This may be particularly usefulif the A/V content stream 702 is a linear stream where a subscriber'spoint of initial access is likely undeterminable. FIG. 7B represents aDRM application 706 being applied at the beginning of an A/V contentstream 702, which calls for acquisition of the A/V content stream 702,and thus the DRM application 706, at the beginning of the stream 702.This arrangement may be applicable for non-linear content delivery, suchas with video on-demand (or other on-demand) assets, or othersubscriber-requested downloads. FIG. 7C represents a DRM application 708that is delivered separately from an A/V content stream 702, such as iftransmitted out-of-band (e.g., simultaneously with acquiring the A/Vcontent 702 or tuning to a channel) or if retrieved from a local orremote storage device, memory, or other system. As used herein, “AVD”refers to A/V content also containing or otherwise associated with a DRMapplication.

At block 306, the content provider system 102 applies a CAS applicationto the A/V content after applying the DRM application. The CASapplication is utilized to control access to the A/V content by theservice provider system. As used herein, “AVDC” refers to A/V contentcontaining or otherwise associated with a DRM application and a CASapplication. After block 306 is block 308, in which the content providersystem 102 transmits the A/V content (AVDC) to the distribution serviceprovider system 104, such as over the first distribution network 110described with reference to FIG. 1. Additional details regarding theoperations of the content provider system 102 performing theseoperations is provided with reference to FIGS. 4A-4C and 5A.

Accordingly, at block 310, the distribution service provider system 104receives the A/V content having both the CAS application and the DRMapplication applied or otherwise associated therewith (AVDC). At block312, the distribution service provider system 104 performs CASauthorization with the content provider system 102, such as over thefirst distribution network 110 (or over any other network). In otherembodiments, CAS authorization may be based on locally stored CASinformation (e.g., certificates, keys, etc.) that does not requirereal-time network communication. After determining that the distributionservice provider system 104 is authorized to receive the A/V content,the CAS application is removed at block 314, resulting in A/V contentcontaining the DRM application but no CAS application (AVD).

Similarly, at block 316, the distribution service provider system 104performs DRM authorization, which may be performed with the contentprovider system 102, with a third-party DRM system 108, and/or based onlocally stored DRM information. After authorization of the distributionservice provider system 104 according to the DRM application, the DRMapplication is stripped or otherwise removed from the A/V content atblock 318, resulting in A/V content having no DRM or CAS applications,simply referred to herein as “AV”. As discussed above, the DRMapplication is removed from the A/V content within a trusted domain ofthe distribution service provider system 104, protecting the A/V contentfrom unauthorized uses when stripped of the DRM application. At block320, any manipulation or other processing of the A/V content may beperformed, such as to insert advertisements, perform rate shaping, alterresolution, alter encoding, and the like, all of which may also beperformed within the trusted domain of the distribution service providersystem 104. After any desired processing is performed, the DRMapplication, which may be the same or a different DRM application, isre-applied to the A/V content at block 322 within the trusted domain,resulting in AVD. In one embodiment, the resulting A/V content (AVD) mayinclude two types of DRM applications, such as if content from twodifferent content providers, which are protected by two different DRMapplication types, are combined together by the distribution serviceprovider system 104. It is appreciated that, in some embodiments, theDRM application may not be removed from the A/V content, such as if theA/V content does not need to be processed prior to distribution to asubscriber.

At block 324, a CAS application, which typically, but not always, willbe a different CAS application from that provided by the contentprovider system 102 at block 306, is applied to the A/V content,resulting in AVDC. The CAS application applied at block 324 may be usedto authorize access to the A/V content by a subscriber CPE device 106.Finally, at block 326, the A/V content (AVDC) is distributed over thesecond distribution network 112 to one or more subscribers' CPE device106.

The subscriber's CPE device 106 receives the A/V content containing botha separate DRM application and CAS application (AVDC) at block 328.Following block 328 is block 330, in which the CPE device 106 performsCAS authorization with the distribution service provider system 104. Itis appreciated that, like that described above, CAS authorization may beperformed over the second distribution network 112 (or over any othernetwork), or may be performed based on locally stored CAS information(e.g., certificates, keys, etc.) that does not require real-time networkcommunication. Upon confirming the CPE device 106 is authorized toaccess the A/V content according to the CAS application, the CASapplication may be removed from the A/V content (AVD) at block 332.After removing the CAS application, the CPE device 106 performs DRMauthorization with the content provider system 102 and/or a third-partyDRM system 108 at block 336, according to the DRM application applied tothe AVD.

If authorized according to the DRM application, and if desired, the CPEdevice 106 may optionally remove the DRM application at block 336 andsubsequently manipulate the A/V content (AV) at block 338. For example,manipulation may be performed to reduce resolution or otherwise alterencoding of the A/V content, insert content, and the like. Contentmanipulation may be performed to enable storing the A/V content ortransferring the A/V content to another target device, according to theDRM application and the target device requirements. After performing anydesired content manipulation, the CPE device 106 may then, at block 340,re-apply the same or a different DRM application to the A/V content(AVD). A different DRM application may be applied to the A/V content inexamples, such as if a lower DRM resolution is required or a differentDRM protection scheme is required by a target device. Altering the DRMapplication may, in one embodiment, be performed according to the rightsand limitations of the originally provided DRM content, such as to onlyprovide the same or fewer rights as were originally allowed.

Following block 340, the CPE device 106 may perform one or more ofblocks 342, 344, and/or 346, which include presenting the content (e.g.,displaying, playing, operating, etc.), storing the content (e.g., in aDVR, memory, or other storage device, etc.), or transmitting to asubscriber's second target device (e.g., transmitting to a smart phone,a digital media player, etc.), respectively. If transmitted to a targetdevice, blocks 348-354 follow, in which DRM authorization is performed,and one or more of the same options of presenting, storing, and/ortransmitting may be performed.

Accordingly, the method 300 may end after block 354, having transmittedA/V content from a content provider via a distribution service providerto a CPE device 106 and subsequently a secondary target device, or afterany one of blocks 342-346, having presented, stored, and/or transmittedthe A/V content.

FIGS. 4A-4C are block diagrams illustrating example operations and dataflow of systems providing separable DRM, according to exampleembodiments. While the method 300 illustrated in and described withreference to FIG. 3 represents general operations that may be performedto provide separable DRM with A/V content, the example operationsillustrated in FIGS. 4A-4C describe in additional detail variousillustrative scenarios, according to example embodiments. With referenceto FIG. 4A, the block diagram 400 represents one embodiment ofillustrative operations and data flow performed by systems for providingseparable DRM, such as the systems described with reference to FIG. 1.

According to one embodiment, A/V content is stored 401 at a contentprovider system 102, such as within a content storage system, which mayinclude a storage server, tape storage, disk storage, and/or othermemory or data storage device where any A/V content is stored fordistribution to subscribers (via a distribution service provider, forexample). As described above, in other embodiments, A/V content may bestored remotely from the content provider system 102, and may beaccessed over a network or otherwise prior to applying DRM applicationsand distributing to subscribers. The content storage system may be incommunication with a DRM operations module of the content providersystem over an interface, which may be any wired or wirelesscommunications interface, such as an IP interface allowing for real-timestreaming of A/V content between the content storage system and the DRMoperations module. Similarly, for any of the communications and/ortransmission operations within a single system described with referenceto FIGS. 4A-4C, the transmissions may be within a single devicecomponent, or may be over any private, semi-private, or public wired orwireless communications link between two systems or system components.Moreover, in some embodiments, data and/or content may be transmitted bya physical exchange of storage medium, such as tape storage, diskstorage, or other data storage devices exchangeable between parties.

Accordingly, A/V content may be communicated 402 from the contentstorage system to the DRM operations module for applying a DRMapplication 403 (also referred to herein as “DRM encapsulation”) torespective A/V content. The DRM operations module may be any system orsystem component (including any programming module) that processes A/Vcontent 403 such that it is protected by a DRM application and has theDRM application properly associated therewith. According to variousembodiments, the particular DRM application provided may be decided by acontent provider system, by the subscriber device on which the contentis intended to be used, by the distribution service provider, and/or bya third-party DRM provider. In addition, the DRM encapsulation 403 maybe performed the content provider system 102, or by a third-party DRMsystem 108. For example, if DRM encapsulation 403 is performed by athird-party DRM system 108, the A/V content may be communicated 404 fromthe content storage system to the third-party DRM system 108 over anetwork, instead of internally within the content provider system 102,after which it is transmitted back 405 to content provider system 102,such as to the DRM operations module, the content storage system, or theCAS operations module. Otherwise, a third-party DRM system 108 may haveaccess to the A/V content within the content provider system 102 toallow applying the DRM thereto.

After DRM encapsulation 403, the A/V content is transmitted 406 to a CASoperations module to apply a CAS application to the A/V content (alsoreferred to herein interchangeably as “CAS encapsulation”) 407. The CASapplication generally protects access to the A/V contents, as decided bythe content provider. In coordination with the CAS operations module,CAS control 408 controls the encryption and entitlements associated withthe A/V content according to the CAS application applied 407.Accordingly, encryption control 409 is managed between the CAS controlcomponent 408 and the CAS operations module component performing CASencapsulation 407. Content entitlements 410 are managed between the CAScontrol component 408 and the intended recipient (in this case thedistribution service provider system 104) over a network, such as thefirst distribution network 110. In one embodiment, content entitlementoperations 410 may be performed over a portion of the first distributionnetwork 110 comprising a dedicated, private or semi-private link betweenthe content provider system 102 and the distribution service providersystem 104 (e.g., via out-of-band communications).

After applying both the DRM application and the CAS application to theA/V content, resulting in AVDC, the A/V content is transmitted 411 todistribution equipment for distribution 412 to the distribution serviceprovider system 104. The A/V content is distributed 412 over the firstdistribution network 110 in its DRM-protected and CAS-controlled form(AVDC). According to one embodiment, the communications link over whichthe A/V content is distributed 412 may differ from the communicationslink over which the CAS entitlements 410 are transmitted.

At the distribution service provider system 104, the A/V content (AVDC)is received 412 over the first distribution network 110 and the CASentitlements 410 are received separately over the first distributionnetwork 110. As mentioned, the communications link over which the A/Vcontent is distributed 412 may, but need not, differ from thecommunications link over which the CAS entitlements 410 are transmitted.In another embodiment, they may be transmitted over the same link withinthe content distribution network 110. A distribution/receiver 413 orother associated system, component, and/or programming module may beutilized by the distribution service provider system 104 to receive 412the A/V content, while a CAS operations module operable to remove theCAS application (also referred to herein interchangeably as “CASdecapsulation”) 415 may receive the CAS entitlements 410. According toone embodiment, both the distribution/receiver and the CAS operationsmodule may be included or otherwise associated with a content receivercomponent of the distribution service provider system 104.

The CAS operations module additionally receives 414 the A/V content andperforms CAS authorizations based on the A/V content CAS application andthe CAS entitlements received. If entitled, according to the CASauthorization results, the CAS operations module performs CASdecapsulation 415 to remove the CAS application from the A/V content,resulting in an A/V stream having only the DRM application applied orotherwise associated therewith (AVD).

According to one embodiment, the distribution service provider may notdesire to remove the DRM application, and thus can transmit 416 the A/Vcontent with the DRM application (AVD) for CAS encapsulation 417, suchas by a CAS operations module (which may be the same or different modulethat performs CAS decapsulation 415). For example, according to oneembodiment, the distribution service provider 104 includes its own CAScontrol 418, similar to the CAS control 408 of the content serviceprovider, which manages encryption 419 when performing CAS encapsulation417 and manages CAS entitlements 420 with a subscriber CPE device 106.After CAS encapsulation 417 is performed by the distribution serviceprovider system 104, resulting in A/V content having both the DRMapplication (as provided by the content provider) and the CASapplication (provided by the distribution service provider) (AVDC), theA/V content can be transmitted 421 to distribution equipment fordistribution 422 to the subscriber's CPE device 106 over the seconddistribution network 112.

Otherwise, according to another embodiment, if the distribution serviceprovider does intend to process the A/V content, such as to performmanipulations, alterations, additions, and the like, the DRM applicationcan be removed within a trusted domain 424 of the distribution serviceprovider system 104. Accordingly, after CAS decapsulation 415, theresulting A/V content (AVD) can be transmitted 423 to the trusted domain424, which may be a separate device or system, or it may be a componentor module within or associated with another distribution serviceprovider component. Within the trusted domain 424, a DRM operationsmodule can first capture, store, and/or share 425 necessary DRMapplication information to allow re-application of the DRM applicationto the A/V content stream (referred to herein interchangeably as “DRMre-encapsulation”) 430. For example, this DRM information may be shared425 with the same or different DRM operations module within the trusteddomain 424. After capturing, storing, and/or sharing 425 the DRMinformation, the DRM operations module can remove the DRM applicationfrom the A/V content (referred to herein interchangeably as “DRMdecapsulation”) 426 to allow subsequent content manipulation or otherprocessing.

After the DRM application is removed 426, the A/V content (AV) can betransmitted 427 to a content manipulations module to perform contentmanipulation 428. As discussed above, content manipulation 428 is alsoperformed within the trusted domain 424 of the distribution serviceprovider system 104, so as to adequately protect the A/V content fromunauthorized use while stripped of its DRM application.

Upon completion of content manipulation 428, the manipulated A/V contentis transmitted 429 to the same or different DRM operations module toperform DRM re-encapsulation 430, also within the trusted domain 424.According to one embodiment, DRM re-encapsulation may re-apply the sameor similar DRM application as is originally provided with the A/Vcontent from the content provider system 102. Although, in otherembodiments, a different or altered DRM application may be applied. Forexample, a different DRM application may be applied if the intendedrecipient subscriber's device operates with a different DRM application,or if the original DRM application is no longer compliant with the A/Vcontent after manipulation 428 (e.g., if the content resolution has beendowngraded, the DRM resolution may be downgraded, etc.).

Upon DRM re-encapsulation 430, the A/V content (AVD) is transmitted 431to the CAS operations module to perform CAS encapsulation 417 andsubsequent distribution 422 over the second distribution network 112 inaccordance with that described above.

Accordingly, the A/V content (AVDC) is received 422 by a receiver device432 of the subscriber's CPE device 106 over the second distributionnetwork 112 for presentation, storage, transfer, or any otherpermissible use by the subscriber. As described above, the CPE device106 may be any device operable to connect to the second distributionnetwork 112 and receive and perform subsequent processing on the A/Vcontent, such as, but not limited to a set-top box, media gateway,television, a cable card, a personal computer and associated software,hardware, and/or firmware, and the like. In addition, CAS entitlements420 from the distribution service provider system 104 may also betransmitted over the second distribution network 112, which may be overthe same or a different network connection as that over which the A/Vcontent is distributed. For example, in one embodiment, CAS entitlements420 may be transmitted to a CAS operations module of the CPE device 106by out-of-band communications in association with the in-banddistribution 422 of the A/V content. The A/V content is passed 433 fromthe receiver 432 to the CAS operations module, to enable the CPE device106 to perform CAS authorization in accordance with the CAS applicationto authorize access to the A/V content. Upon performing CASauthorization, the CAS operations module performs CAS decapsulation 434to remove the CAS application from the A/V content, resulting in A/Vcontent having only the DRM application applied or associated therewith(AVD).

It is appreciated that the DRM application and associated rights andlimitations will guide how the CPE device 106 and other target devices,storage systems, etc., can utilize the A/V content when under theprotection of the DRM application. For example, various DRM protectionrights and limitations include, but are not limited to, copy control,movement control, consumption (use) control, propagation control, outputcontrol, scrambling control, storage control, and/or transcodingcontrol. According to some embodiments, copy and movement controls mayguide whether or how many times the A/V content can be copied by adevice (e.g., copy once, copy never, copy freely, copy no more, etc.) orhow long the A/V content may be retained in memory (e.g., a retentionlimit set to 24 hours, for example). According to some embodiments,consumption controls guide whether and when the A/V content can beviewed, how often or how many times the A/V content can be viewed,and/or how many simultaneous viewings of the A/V content can occur.According to some embodiments, propagation controls may guide thelocalities and domains to which the A/V content can be moved and inwhich the A/V content can be viewed (e.g., in local proximity, within amanaged domain, anywhere, etc.). According to some embodiments, outputcontrols guide the means by or over which the A/V content can be output,such as controlling the output format (e.g., analogue SD or analogue HD,etc.) or controlling the connection protocol (e.g., IEEE 1394, DVI,HDMI, Ethernet, USB, STA, any DTCP/IP device, resolution limits, etc.).According to some embodiments, storage controls provide guidance as tothe types of devices and/or storage medium on which the A/V content canbe stored (e.g., DVD-R media, DVD-RAM media, DVD-RW media, DVD-VRformat, HD-DVD, Blu-ray Disc, a local hard drive, an external harddrive, a digital media player, etc.). According to some embodiments, thetranscoding controls guide the types of formats or encoding in which theA/V content is allowed to be transcoded. It is appreciated that theaforementioned DRM rights and limitations are provided for illustrativepurposes, and that any other rights and limitations can be providedaccording to various embodiments.

In one embodiment, if the A/V content is to be presented (e.g.,displayed, played, etc.) in real-time as received over the seconddistribution network 112, the A/V content may be passed 435 to a DRMoperations module to perform DRM authorization (e.g., with the contentprovider system 102 and/or a third-party DRM system 108) and DRMdecapsulation 436 if so authorized, resulting in A/V content stripped ofits DRM (AV) for presentation, after which it will be transmitted 437from the CPE device 106 for display, such as to a television, projector,monitor, audio system, or other presentation or output device 438. Anyconventional interface between the CPE device 106 initially receivingthe A/V content and a presentation or output device may be utilized. Inone example, this interface between the CPE device 106 and thepresentation or output device 438 may include link-level DRM or otherencryption and/or protection means, such as, but not limited to, aDigital Transmission Content Protection (e.g., DTCP or DTCP/IP)protocol.

In another instance, when the A/V content is to be shared or otherwisetransmitted over an in-home network 440, the A/V content (AVD) may betransmitted 439 over the in-home network 440 after CAS decapsulation 434to one or more other target devices in communication with the in-homenetwork 440. In one embodiment, the in-home network 440 may likewiseinclude DTCP or DTCP/IP protocol; though, it is not required, as the A/Vcontent remains protected by the DRM application. When accessed andutilized by a target device in communication with the in-home network440, the DRM application rights and limitations will be authorized bythat device's DRM client module with the appropriate party (e.g., withthe content provider system 102 and/or a third-party DRM system 108).

In another instance, the A/V content may also be stored 442 within acontent storage system, such as, but not limited to, a computer harddrive, another memory device, a DVR, and the like. In one embodiment,the A/V content may be transmitted 441 after CAS decapsulation 434 whileretaining the DRM application (AVD) to the content storage system forcontent storage 442. In another embodiment, however, the A/V content maybe transmitted (not shown) after DRM decapsulation 436 to the contentstorage system, allowing the A/V content to be stored without DRMprotection. After storage 442, the A/V content may be presented via thepresentation or output device 438, such as by being passed 443 throughthe DRM operations module to perform DRM decapsulation 436 prior totransmission 437 to the presentation or output device 438.

According to one embodiment, the DRM application may call for the A/Vcontent to be modified or otherwise processed prior to transmitting fromthe CPE device 106. Accordingly, after DRM decapsulation 436, the A/Vcontent can be passed 444 to a content manipulations module forprocessing 445. For example, the copy, consumption, or transcodingcontrols may call for altering the resolution of the A/V content beforetransmitting 446 to the presentation or output device 438 ortransmission over the in-home network 440. In one embodiment, afterprocessing 445 the A/V content, the A/V content is transmitted 447 to aDRM operations module for DRM re-encapsulation 448 prior to transmission449 over the in-home network 440 or transmission 450 to a contentstorage system for storage 442. In another embodiment, instead ofperforming content processing 445, after DRM decapsulation 436 (and/orafter DRM authorization), the A/V content can be transmitted 451 to theDRM operations module for DRM re-encapsulation 448 prior to transmission449 over the in-home network 440 or transmission 450 to a contentstorage system for storage 442.

Accordingly, the block diagram 400 illustrates an example in which A/Vcontent is distributed by a content service provider with both CAS andDRM protection applied thereto. Upon receipt, the distribution serviceprovider is capable of removing both the CAS application and, if calledfor to perform content manipulation, to remove the DRM application.Prior to transmission to the subscriber, the DRM application can bere-applied, as well as the same or a different CAS application. Uponreceipt at the subscriber's CPE device 106, CAS authorization andremoval and DRM authorization and removal are performed independently,CAS operations being performed with the distribution service provider,but DRM operations being performed with the content provider and/or athird-party DRM provider. Thus, according to this system, as a result ofproviding a DRM application that is separate from the CAS application,and which is provided by or on behalf of the content provider and not bythe distribution service provider, the distribution service provider isable to focus on content preparation and distribution without having tomanage, implement, and coordinate a DRM solution.

FIG. 4B illustrates a block diagram 460 that represents anotherembodiment of illustrative operations and data flow performed by acontent provider system 102, allowing DRM encapsulation 403 to beperformed off-line, not in real-time during the preparation anddistribution of the A/V content. According to this embodiment, storedA/V content 401 is transmitted 461 from a content storage system to aDRM operations module for DRM encapsulation 403. Like that describedwith reference to FIG. 4A, DRM encapsulation 403 may be performed by thecontent provider system 102 or by a third-party DRM system 108 on behalfof the content provider system, or any combination thereof. After DRMencapsulation, the A/V content (AVD) is transmitted 462 back for storage401 with the content storage system for subsequent distribution to adistribution service provider system. In one embodiment, CASencapsulation 407 may be performed at or near the same time (e.g.,off-line) as the DRM encapsulation 403; though, in other embodiments,CAS encapsulation 407 may be performed prior to distributing the A/Vcontent to a distribution service provider. The remaining operations maybe performed in the same or similar manner as are described withreference to FIG. 4A.

FIG. 4C illustrates a block diagram 470 that represents anotherembodiment of illustrative operations and data flow performed by one ormore content provider systems 102, distribution service provider systems104, CPE devices 106, and, optionally, third-party DRM systems 108.According to this embodiment, the operations illustrated by the blockdiagram 470 allow utilizing the systems for the preparation anddistribution of A/V content that includes video on-demand assets (orother on-demand assets). Only those operations that differ from thatdescribed with reference to FIG. 4A will be described here.

With reference to the block diagram 470, a pitcher module 472 of thecontent provider system 102 is utilized to distribute A/V content thatincludes video on-demand (or other on-demand) assets (referred to forsimplicity as “VOD assets”). Accordingly, the pitcher module 472receives 471 the VOD assets having the CAS application and the DRMapplication applied thereto or otherwise associated therewith (AVDC).The pitcher module 472 can be any conventional pitcher device orprogramming logic as utilized in cable, satellite, or IP networks. Thepitcher module 472 distributes 473 the VOD assets (AVDC) over the firstdistribution network 110 to a receiver within a catcher module 474 ofthe subscriber's CPE device 106. After performing CAS authorization andCAS decapsulation, the VOD assets (AVD) are passed 475 to a videoon-demand subsystem 476 of the distribution service provider system 104.According to one embodiment, within the video on-demand subsystem 476,the VOD assets may be manipulated or otherwise processed by removing andsubsequently re-applying the DRM application, similar to that describedwith reference to FIG. 4A. In this manner, the video on-demand subsystem476 operates as a trusted domain and may include or otherwise performthe same or similar functions as a DRM operations module. However, inother embodiments, the DRM application may be retained and no assetmanipulation performed within the video on-demand subsystem 476. Fromthe video on-demand subsystem 476, the VOD assets are transmitted 477back to a CAS operations module for CAS encapsulation and then to adistribution module for distribution to a subscriber's CPE device 106over the second distribution network 112, in the same or similar manneras is described with reference to FIG. 4A.

The CPE device 106 includes a specifically configured on-demandapplication processor module 479 operable for processing on-demandcontent. Accordingly, after CAS decapsulation, the VOD assets aretransmitted 478 to the on-demand application processor module 479 forprocessing the VOD assets prior to DRM decapsulation for presentationvia a presentation or output device 438. It is appreciated that, in someembodiments, depending upon how the DRM application is applied to orotherwise associated with the VOD assets from the distribution serviceprovider system 104 (or the content provider system 102), the DRMapplication may be transmitted 480 over the second distribution network112 independent of the respective VOD assets between the video on-demandsubsystem 476 and the on-demand application processor module 479. Thisaspect represents instances in which the DRM application can be passedby out-of-band communications over the second distribution network 112.

Accordingly, the block diagram 470 illustrates an example in which A/Vcontent containing VOD assets is distributed from a pitcher module 472of a content provider system to a catcher module 474 of a distributionservice provider system 104 for preparing the VOD assets fordistribution to a subscriber's CPE device 106 having the CAS applicationand DRM application separately associated with the VOD assets.

FIGS. 5A-5C provide illustrative representations of operations to applyand remove a CAS application and a DRM application for respective A/Vcontent, according to various embodiments. The operations illustrated inFIGS. 5A-5C represent the interim states of the A/V content andassociated CAS application and DRM application during the operationsperformed with reference to FIGS. 4A-4C.

FIG. 5A illustrates the operations of applying a DRM application and aCAS application to original A/V content by the content provider system102 prior to distribution to a distribution service provider system 104,according to one embodiment. Accordingly, original A/V content 502 isstored or otherwise made available at a content service provider systemfor distribution. Next, a DRM operations module applies a DRMapplication 504 to the A/V content 502, resulting in A/V content havinga DRM application associated therewith (AVD). As described herein, theDRM application 504 may be applied by the content provider system 102,or may be applied by or with the assistance of a third-party DRM system108. In one embodiment, the DRM application 504 is applied within thecontent provider system 102 hardware. However, in other embodiments, itis appreciated that the A/V content may be transmitted to a systemremote from the content provider system 102 (e.g., a third-party DRMsystem 108) to apply the DRM application thereto. The DRM applicationmay be associated with the A/V content according to any of the exampleembodiments described with reference to FIGS. 7A-7C.

After layering on or otherwise applying or associating the DRMapplication 502, the CAS application 506 is similarly applied to the A/Vcontent 502 by a CAS operations module of the content provider system102, resulting in A/V content 502, having both a DRM application 504 anda CAS application 506 associated therewith (AVDC) protecting access toand unauthorized use thereof. Accordingly, after layering the DRMapplication 504 and the CAS application 406, the A/V content (AVDC) isready for distribution over the first distribution network 110 to adistribution service provider system 104.

FIG. 5A therefore represents a visual depiction of the original A/Vcontent 502 in its various stages without and with the DRM application504 and the CAS application 506, according to one embodiment. It isappreciated that, according to various embodiments, the CAS application506 provided by the content provider system 102 may be interchangeablyreferred to herein as a content provider CAS application, a first CASapplication, and/or a level 1 CAS application. Similarly, the DRMapplication 504 may be interchangeably referred to herein as a contentprovider DRM application, a first DRM application, and/or a level 1 DRMapplication.

FIG. 5B illustrates the operations of replacing a content provider CASapplication 506 with a service provider CAS application 508 by thedistribution service provider system 104 prior to distribution to asubscriber, according to one embodiment. After receipt of the A/Vcontent 502 having both the DRM application 504 and the CAS application406 supplied by the content providers system 102, a CAS operationsmodule at the distribution service provider system 104 removes thecontent provider CAS application 506 from the A/V content 502 (AVD).Subsequently, which may be any time prior to distribution to thesubscriber, the CAS operations module applies a second CAS application508 to the A/V content (AVDC). While the content provider CASapplication 506 facilitates CAS authorization between the distributionservice provider system 104 and the content provider system 102, theservice provider CAS application 508 facilitates CAS authorizationbetween the subscriber CPE device 106 and the distribution serviceprovider system 104 during content distribution to subscribers. It maybe desirous to do so because the access allowed by the distributionservice provider system 104 may be different than the access allowed bythe subscriber device. Accordingly, after applying the service providerCAS application 508 to the A/V content 502, still retaining the DRMapplication 504, the A/V content (AVDC) is ready for distribution to oneor more subscriber CPE devices 106.

FIG. 5C illustrates the operations of replacing a content provider CASapplication 506 with a service provider CAS application 508 by thedistribution service provider system 104 prior to distribution to asubscriber, as described with reference to FIG. 5B, in addition toprocessing the original A/V content 502 into modified A/V content 510,according to one embodiment. After the content provider CAS application406 is removed from the original A/V content 502, a DRM operationsmodule removes the DRM application 504 from the original A/V content502. After removal of the DRM application 504, a content manipulationmodule may perform the desired content processing, resulting in modifiedA/V content 510. After modifying the A/V content 510, the DRM operationsmodule continues to re-apply the DRM application 504 to the modified A/Vcontent 510. This DRM decapsulation, content manipulation, and DRMre-encapsulation all occur within a trusted domain of the distributionservice provider system 104. Finally, the CAS operations modulesubsequently applies a service provider CAS application 508 to themodified A/V content 510, which already includes the DRM application504. After which, the modified A/V content 510 layered with both the DRMapplication 502 and the service provider CAS application 508 (AVDC) isready for distribution to one or more subscriber CPE devices 106.

Accordingly, FIGS. 5A-5C illustrate A/V content in various stages ofprotection by one or more different CAS applications, DRM application,and optionally in modified form after modification by a distributionservice provider. After the operations illustrated by either FIG. 5B or5C, the A/V content (AVDC) is ready for distribution, being protected bya service provider CAS application and a DRM application applied by oron-behalf of a content provider.

FIGS. 6A-6D provide illustrative representations of operations performedby a subscriber CPE device 106 to remove a CAS application and alter theDRM application and/or modify the A/V content for subsequent uses,according to various embodiments. The operations illustrated in FIGS.6A-6D represent the interim states of the A/V content and associated CASapplication and DRM application, such as to alter between various typesof DRM application association, as described by example with referenceto FIGS. 7A-7C, and/or to alter the DRM application and/or A/V contentfor subsequent sharing, storage, and/or uses of the A/V content, asdescribed by example with reference to FIGS. 3-4C.

FIG. 6A illustrates the operations of converting a DRM application 604from being in carousel association with an A/V content stream 602 to aDRM application 614 placed before or at the beginning of the A/V contentstream 602, according to one embodiment. As described above withreference to FIG. 7A, a DRM application 604 that is associated incarousel fashion at multiple locations along the A/V content stream 602can be utilized during linear broadcasting. However, it may be desirableto alter the carousel DRM application 604 to a DRM application 614 placebefore or at the beginning of the A/V content stream 602 when storingthe A/V content 602 within a content storage system, streamlining thesubsequent processing and reducing storage space occupied, and/orpermitting transfer to target devices.

Accordingly, with reference to FIG. 6A, an A/V content stream 602 mayinitially be received at a CPE device 106 having a DRM application 604associated in carousel fashion and a service provider CAS application606 (AVDC). A CAS operations module may then remove the CAS application606 (AVD). After removal of the CAS application 606, a DRM operationsmodule may then remove the carousel DRM application 604 and re-apply aDRM application 614 at or near the beginning of the A/V content stream602. After applying the DRM application 614 to the beginning of the A/Vcontent 602, the A/V content (AVD) may be stored on a content storagedevice, as described herein. It is appreciated that, according to oneembodiment, the rights and limitations of the DRM applications and theassociated DRM protocol are not actually changing, rather the placementor association of the DRM application with the A/V content is changing.It is also appreciated that, according to various embodiments, the DRMremoval and re-application occur within a trusted domain of the CPEdevice 106, similar to the trusted domain described of the distributionservice provider system 104, to protect unauthorized access and use ofthe A/V content 602.

FIG. 6B similarly illustrates the operations of converting a DRMapplication 604 from a carousel association with A/V content stream 602to a DRM application 624 that is transmitted separately from the A/Vcontent stream 602 (e.g., “out-of-band” DRM), according to oneembodiment. As described above with reference to FIG. 7C, a DRMapplication 624 that is transmitted separately, such as via out-of-bandcommunications, may also improve subsequent processing, simplify storageoperations, and/or facilitate transfer of the A/V content 602 withtarget devices. Accordingly, the DRM application 604 initiallyassociated with the A/V content 602 in FIG. 6B may instead be modifiedby a DRM operations module in a trusted domain to a DRM application 624located separate from the A/V content stream 602, which permitssubsequent separate transmission or sharing and/or separate storage ofthe DRM application 624 relative to the A/V content 602.

FIG. 6C illustrates the operations of converting a DRM application 614that is associated at or near the beginning of the A/V content stream602, such as is accomplished by the operations described with referenceto FIG. 6A, to a DRM application 624 that is transmittable separate fromthe A/V content 602, such as is described with reference to FIG. 6B,according to one embodiment. It may be desirable to convert to a DRMapplication 624 that is transmittable separate from the A/V content 602(also referred to as out-of-band DRM) to satisfy the DRM protocolrequirements of a target device when transmitting the A/V content 602for use with a target device. Accordingly, an A/V stream 602 may beretrieved from a content storage system, such as may have been stored bythe operations described with reference to FIG. 6A, that includes a DRMapplication 614 at the beginning of the A/V content stream 602. Within atrusted domain of the CPE device 106, the DRM application 514 may beremoved and replaced with an out-of-band DRM application 624. Afterapplying the out-of-band DRM application 624 to the A/V content 602, theA/V content 602 is ready for transmission or sharing with a secondarytarget device (e.g., digital audio player, digital video player, smartphone, etc.).

FIG. 6D illustrates the operations of converting a DRM application 614that is associated at or near the beginning of the A/V content stream602 to a DRM application 624 that is transmittable separate from the A/Vcontent 602, such as is described with reference to FIG. 6C, but alsomodifying the original A/V content 602 to modified A/V content 612.According to one embodiment, the DRM removal, the A/V contentmodification, and the DRM re-application occur within a trusted domainof the CPE device 106 to protect unauthorized access and use of the A/Vcontent 602.

It is appreciated that, according to various other embodiments, anyvariation or combination of the DRM modifications described withreference to FIGS. 6A-6D may be performed. For example, with referenceto FIG. 6D, instead of also converting the DRM application from onepositioned at or near the beginning of an A/V content stream to anout-of-band DRM application, the same DRM application can be re-appliedafter modification of the A/V content. As another example, withreference to FIG. 6A, the A/V content stream may also be modified withinthe trusted domain prior to re-applying the DRM application and storage,like that described with to FIG. 6D.

Accordingly, embodiments illustrated and described herein provide asystem or systems in which A/V content is distributed by a contentservice provider with both CAS and DRM protection applied thereto. Uponreceipt, the distribution service provider is capable of removing boththe CAS application and, if called for to perform content manipulation,to remove the DRM application. Prior to transmission to the subscriber,the DRM application can be re-applied, as well as the same or adifferent CAS application. Upon receipt at the subscriber's CPE device,CAS authorization and removal and DRM authorization and removal areperformed independently, CAS operations being performed with thedistribution service provider, but DRM operations being performed withthe content provider and/or a third-party DRM provider. Thus, accordingto this system, as a result of providing a DRM application that isseparate from the CAS application, and which is provided by or on behalfof the content provider and not by the distribution service provider,the distribution service provider is able to focus on contentpreparation and distribution without having to manage, implement, andcoordinate a DRM solution. It is appreciated that these, and otheradvantages, will be apparent from the foregoing disclosure.

Various block and/or flow diagrams of systems, methods, apparatus,and/or computer program products according to example embodiments aredescribed above. It will be understood that one or more blocks of theblock diagrams and flow diagrams, and combinations of blocks in theblock diagrams and flow diagrams, respectively, can be implemented bycomputer-executable program instructions. Likewise, some blocks of theblock diagrams and flow diagrams may not necessarily need to beperformed in the order presented, or may not necessarily need to beperformed at all, according to some embodiments.

These computer-executable program instructions may be loaded onto aspecial purpose computer or other particular machine, a processor, orother programmable data processing apparatus to produce a particularmachine, such that the instructions that execute on the computer,processor, or other programmable data processing apparatus create meansfor implementing one or more functions specified in the flow diagramblock or blocks. These computer program instructions may also be storedin a computer-readable memory that can direct a computer or otherprogrammable data processing apparatus to function in a particularmanner, such that the instructions stored in the computer-readablememory produce an article of manufacture including instruction meansthat implement one or more functions specified in the flow diagram blockor blocks. As an example, embodiments of the invention may provide for acomputer program product, comprising a computer usable medium having acomputer-readable program code or program instructions embodied therein,said computer-readable program code adapted to be executed to implementone or more functions specified in the flow diagram block or blocks. Thecomputer program instructions may also be loaded onto a computer orother programmable data processing apparatus to cause a series ofoperational elements or steps to be performed on the computer or otherprogrammable apparatus to produce a computer-implemented process suchthat the instructions that execute on the computer or other programmableapparatus provide elements or steps for implementing the functionsspecified in the flow diagram block or blocks.

Accordingly, blocks of the block diagrams and flow diagrams supportcombinations of means for performing the specified functions,combinations of elements or steps for performing the specified functionsand program instruction means for performing the specified functions. Itwill also be understood that each block of the block diagrams and flowdiagrams, and combinations of blocks in the block diagrams and flowdiagrams, can be implemented by special-purpose, hardware-based computersystems that perform the specified functions, elements or steps, orcombinations of special purpose hardware and computer instructions.

Many modifications and other embodiments of the invention set forthherein will be apparent having the benefit of the teachings presented inthe foregoing descriptions and the associated drawings. Therefore, it isto be understood that the invention is not to be limited to the specificembodiments disclosed and that modifications and other embodiments areintended to be included within the scope of the appended claims.Although specific terms are employed herein, they are used in a genericand descriptive sense only and not for purposes of limitation.

1. A system for providing content having digital rights management applications separable from other authorization applications, comprising: a distribution service provider system comprising at least one processor and memory storing computer-executable instructions, wherein the distribution service provider system is in communication with a content provider system and consumer premise equipment (CPE) for the transmission of content from the content provider system to the CPE; the distribution service provider system configured to: receive audio and/or video content (A/V content) provided by the content provider system, wherein the A/V content includes a digital rights management (DRM) application; apply a conditional access system (CAS) application to the A/V content, wherein the CAS application is independent of the DRM application; transmit the A/V content including the CAS application and the independent DRM application to the CPE for presentation; perform CAS authorization with the CPE to authorize the A/V content according to the CAS application independent of the DRM application, wherein additional DRM authentication is to be performed by the CPE according to the DRM application.
 2. The system of claim 1, wherein the A/V content received from the content provider system comprises a CAS application, and wherein, upon receipt of the A/V content from the content provider system, the distribution service provider system is further configured to: perform CAS authorization with the content provider system to authorize the A/V content use by the distribution service provider system according to the CAS application provided with the A/V content as received from the content provider system; and remove the CAS application from the A/V content.
 3. The system of claim 2, wherein the CAS application provided with the A/V content as received from the content provider system comprises a content provider CAS application and wherein the CAS application applied to the A/V content by the distribution service provider system comprises a service provider CAS application.
 4. The system of claim 3, wherein the content provider CAS application and the service provider CAS application differ, and wherein the CAS authorization performed with the CPE is performed according to the service provider CAS application.
 5. The system of claim 1, wherein, prior to applying the CAS application to the A/V content, the distribution service provider system is further configured to: remove the DRM application from the A/V content; process the A/V content after removal of the DRM application; and reapply the DRM application to the A/V content.
 6. The system of claim 5, wherein processing the A/V content comprises at least one of adding to or manipulating the A/V content.
 7. The system of claim 5, wherein the distribution service provider system further comprises a trusted domain in accordance with the DRM application, and wherein the removal of the DRM application, the processing of the A/V content, and the reapplication of the DRM application are performed within the trusted domain.
 8. The system of claim 5, wherein the distribution service provider system is further configured to authorize with the content provider system or a third-party DRM system rights of the distribution service provider system to remove the DRM application from the A/V content.
 9. The system of claim 8, wherein the distribution service provider system is configured to authorize with the content provider system or the third-party DRM system the rights of the distribution service provider system to remove the DRM application from the A/V content: (a) for each A/V content received or a portion thereof; or (b) independent of individual A/V content received.
 10. The system of claim 1, wherein the DRM application comprises a first DRM application, and wherein, prior to applying the CAS application to the A/V content, the distribution service provider system is further configured to: remove the first DRM application from the A/V content; process the A/V content after removal of the DRM application; and apply a second DRM application different from the first DRM application to the A/V content.
 11. The system of claim 1, wherein the DRM application is included or associated with the A/V content by the content provider.
 12. The system of claim 1, wherein the DRM application is included or associated with the A/V content by a third-party DRM system.
 13. The system of claim 1, wherein the distribution service provider system is associated with one of: (a) a cable provider; (b) a multiple systems operator; (c) a satellite provider; (d) an IP content provider; or (e) a digital media host.
 14. The system of claim 1, wherein the distribution service provider system is configured to transmit the A/V content to the CPE by one of: (a) linear broadcast; or (b) unicast.
 15. The system of claim 1, wherein the A/V content includes the DRM application as at least one of: (a) the DRM application embedded at the beginning of a stream transmitting the A/V content; (b) the DRM application embedded at one or more locations in a stream transmitting the A/V content; or (c) a pointer to the DRM application included in the stream transmitting the A/V content, wherein the DRM application is separately retrievable over a network or from memory.
 16. The system of claim 1, wherein the A/V content comprises at least one of: (a) a video on-demand asset; (b) audio content; (c) video content; (d) graphic content; (e) text-based content; non-text-based content; or (f) software.
 17. A method for providing content having digital rights management applications separable from other authorization applications, comprising: receiving audio and/or video content (A/V content) from a content provider system, wherein the A/V content includes a digital rights management (DRM) application; applying a conditional access system (CAS) application to the A/V content, wherein the CAS application is independent of the DRM application; transmitting the A/V content including the CAS application and the independent DRM application to a customer premise equipment (CPE) for presentation; performing CAS authorization with the CPE to authorize the A/V content according to the CAS application independent of the DRM application, wherein additional DRM authentication is to be performed by the CPE according to the DRM application.
 18. The method of claim 17, wherein the A/V content received from the content provider system comprises a CAS application, and further comprising: performing CAS authorization with the content provider system to authorize the A/V content use according to the CAS application provided with the A/V content as received from the content provider system; and removing the CAS application from the A/V content.
 19. The method of claim 18, wherein the CAS application provided with the A/V content as received from the content provider system comprises a content provider CAS application, wherein applying the CAS application to the A/V content comprises applying a service provider CAS application that differs from the content provider CAS application, and wherein performing the CAS authorization with the CPE is performed according to the service provider CAS application.
 20. The method of claim 17, further comprising, prior to applying the CAS application to the A/V content: removing the DRM application from the A/V content; processing the A/V content after removal of the DRM application; and reapplying the DRM application to the A/V content.
 21. The method of claim 20, wherein removing the DRM application, processing the A/V content, and reapplying the DRM application are performed within a trusted domain in accordance with the DRM application.
 22. The method of claim 21, further comprising authorizing with the content provider system or a third-party DRM system rights to remove the DRM application from the A/V content.
 23. The method of claim 17, wherein the DRM application comprises a first DRM application, and further comprising, prior to applying the CAS application to the A/V content: removing the first DRM application from the A/V content; processing the A/V content after removal of the DRM application; and applying a second DRM application different from the first DRM application to the A/V content.
 24. A system for receiving and utilizing content, comprising: a consumer premise equipment (CPE) comprising at least one processor and memory storing computer-executable instructions providing a conditional access system (CAS) module and a digital rights management (DRM) module, the CPE in communication with a distribution service provider system and operable to receive audio and/or video content (A/V content), wherein the A/V content includes a DRM application and a CAS application independent of the DRM application; the CAS module configured to perform, upon receipt of the A/V content, CAS authorization with the distribution service provider system according to the CAS application; and the DRM module configured to perform DRM authorization with a DRM system according to the DRM application; wherein the DRM authorization is performed independent of the CAS authorization.
 25. The system of claim 24, wherein the DRM system is associated with one of: (a) the distribution service provider; (b) a content provider; or (c) a third-party DRM system.
 26. The system of claim 24, wherein the CAS module of the CPE is further configured to remove the CAS application from the A/V content to subsequently allow at least one of: (a) manipulation of the A/V content; (b) storage of the A/V content; or (c) presentation of the A/V content.
 27. The system of claim 26, wherein the DRM application comprises a first DRM application, and wherein the DRM module of the CPE is further configured to remove the first DRM application from the A/V content subsequent to removing the CAS application from the A/V content.
 28. The system of claim 27, wherein the CPE is further configured to manipulate the A/V content subsequent to removing the first DRM application from the A/V content.
 29. The system of claim 27, wherein the DRM application of the CPE is further configured to apply a second DRM application to the A/V content subsequent to removing the CAS application from the A/V content.
 30. The system of claim 29, wherein the second DRM application differs from the first DRM application.
 31. The system of claim 29, wherein the second DRM application is applied to the A/V content according to at least one of: (a) the second DRM application embedded at the beginning of a stream transmitting the A/V content; (b) the second DRM application embedded at one or more locations in a stream transmitting the A/V content; or (c) a pointer to the second DRM application included in the stream transmitting the A/V content, wherein the second DRM application is separately retrievable over a network or from memory.
 32. The system of claim 26, wherein the first DRM application is applied to the A/V content according to at least one of: (a) the first DRM application embedded at the beginning of a stream transmitting the A/V content; (b) the first DRM application embedded at one or more locations in a stream transmitting the A/V content; or (c) a pointer to the first DRM application included in the stream transmitting the A/V content, wherein the first DRM application is separately retrievable over a network or from memory.
 33. The system of claim 24, wherein the CPE further comprises a trusted domain in accordance with the DRM application, and wherein the removal of the DRM application, the processing of the A/V content, and the reapplication of the DRM application are performed within the trusted domain.
 34. The system of claim 24, wherein the CPE is further configured to transmit the A/V content with the DRM application to a secondary consumer device for DRM authorization and at least one of: (a) manipulation of the A/V content; (b) storage of the A/V content; or (c) presentation of the A/V content.
 35. The system of claim 34, wherein the DRM application comprises a first DRM application, and, wherein, prior to transmitting the A/V content to the secondary consumer device, the DRM module is further configured to: remove the first DRM application from the A/V content subsequent to removing the CAS application from the A/V content; and applying a second DRM application to the A/V content subsequent to removing the CAS application from the A/V content, wherein DRM authorization performed by the secondary consumer device is performed according to the second DRM application. 